Incorrect Nginx Logging Configuration on MAAS Snap

Bug #2013120 reported by Adam Vest
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
MAAS | Invalid | Medium | Unassigned |

Bug Description

Hello,

Noting that the "nginx.log" file on my region and rack controllers is logging complaints about a non-existent error.log location:

---
root # tail -n1 /var/snap/maas/common/log/nginx.log
nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (2: No such file or directory)
---

Indeed, this appears to be configured as such for both the error and access logs:

---
root # grep _log /snap/maas/current/etc/nginx/nginx.conf
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
---

If one attempts to create this directory and those files, AppArmor then swings in and denies access, as it probably should:

---
Mar 28 15:41:50 host kernel: [ 246.253806] audit: type=1400 audit(1680018110.086:75): apparmor="DENIED" operation="open" profile="snap.maas.supervisor" name="/var/log/nginx/error.log" pid=3311 comm="nginx" requested_mask="ac" denied_mask="ac" fsuid=0 ouid=0
---

Propose that these log locations be changed to something like:

---
        access_log /var/snap/maas/common/log/nginx/access.log;
        error_log /var/snap/maas/common/log/nginx/error.log;
---

Thank you for your time!

Current MAAS Version:
root # snap list maas
Name Version Rev Tracking Publisher Notes
maas 3.3.1-13169-g.94920eb1e 26658 3.3/stable canonical✓ -

Changed in maas:
status: New → Triaged
importance: Undecided → Medium
milestone: none → 3.3.x
Gaetan Gouzi (ggouzi) wrote :

Hello,

Here is my two-cents theory, as I am facing the same behavior:

- Changing the error_log path in nginx.conf doesn't seem to clear the error log (could not open error log file: open() "/var/log/nginx/error.log"), and I suspect it is caused by nginx's behavior of checking for the /var/log/nginx/error.log file by default.

There have been some tickets about it on the nginx repo. There is a new nginx argument (-e) to override the error_log path since nginx 1.19.5; see https://trac.nginx.org/nginx/ticket/147. But as far as I understand, we are using version 1.18.

Adam Collard (adam-collard) wrote :

Thanks for filing the bug.

Unfortunately, you've made a misdiagnosis - so yes, you'll see the complaint about the error log which is the upstream issue that Gaetan references. MAAS snap doesn't use the config that you grepped.

Here's the correct grep:

$ sudo grep _log /var/snap/maas/current/http/nginx.conf
error_log stderr;
    access_log syslog:server=unix:/var/snap/maas/current/syslog/rsyslog/log.sock,facility=daemon,tag=maas_nginx,severity=debug,nohostname;

Check the process tree to convince yourself that we don't use the config in /snap/maas/current/etc/nginx.

Changed in maas:
status: Triaged → Invalid
Changed in maas:
milestone: 3.3.x → 3.3.5
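
The last comment says to check the process tree and grep the config nginx actually runs with; the script below is an added example of that check, not part of the bug report or of MAAS. The function names and the demo input are constructed, and it assumes a procps-style `ps -eo args=` and config paths without spaces.

```shell
#!/bin/sh
# Added example, not MAAS code. Function names are hypothetical.
# Print the -c value from one command line as shown by `ps -o args=`.
# nginx retitles its master to "nginx: master process <argv>", so split on
# whitespace (paths containing spaces are not handled). Prints nothing when
# -c is absent, meaning the compiled-in default config path applies.
nginx_conf_from_args() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++) {
            if ($i == "-c" && i < NF) { print $(i + 1); exit }
            if ($i ~ /^-c./)          { print substr($i, 3); exit }
        }
    }'
}

# Print the error_log/access_log directives of a config file, skipping
# commented-out lines and stripping indentation.
log_directives() {
    grep -E '^[[:space:]]*(error|access)_log[[:space:]]' "$1" |
        sed 's/^[[:space:]]*//'
}

# Report the config and log targets of every running nginx master.
report_running_nginx() {
    ps -eo args= | grep '^nginx: master process' | while IFS= read -r args; do
        conf=$(nginx_conf_from_args "$args")
        if [ -z "$conf" ]; then
            echo "no -c given: compiled-in default config (see nginx -V)"
        elif [ -r "$conf" ]; then
            echo "config in use: $conf"; log_directives "$conf"
        else
            echo "config in use: $conf (not readable)"
        fi
    done
}

# Offline demo on constructed input (not captured from a MAAS host).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'error_log stderr;' '    # access_log off;' \
        '    access_log syslog:server=unix:/tmp/log.sock,tag=demo;' \
        > "$dir/nginx.conf"
    args="nginx: master process nginx -c $dir/nginx.conf -g daemon off;"
    echo "config in use: $(nginx_conf_from_args "$args")"
    log_directives "$dir/nginx.conf"
    rm -rf "$dir"
}

if [ "${1:-}" = "--live" ]; then report_running_nginx; else demo; fi
```

Run it with `--live` on a controller to inspect the real nginx processes; with no argument it only runs the offline demo.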